Porn site BangBros apparently leaked millions of records, including user data
Porn site BangBros has allegedly exposed user and model information, cyber security site Cybernews reported.
In June, the research team at Cybernews discovered more than eight gigabytes of sensitive information about BangBros users. This information included IP addresses, usernames, messages, countries and geolocations, and model names, ages, and descriptions.
“Although the credentials were not leaked directly, hackers can associate the IP addresses with the identity from other leaks,” explained Cybernews information security researcher Mantas Kasiliauskis in its reporting.
The sensitive information had been stored on an unprotected instance of Elasticsearch, a searchable distributed document storage system typically used for high-volume data. The largest file of the leak contained nearly 11 million records. Cybernews researchers claim this data was likely left unprotected because of an “inadvertent configuration error.”
Cybernews contacted BangBros, and the error was fixed. According to Cybernews, however, there’s still a risk to users if adversaries accessed the data.
“If bad actors managed to get their hands on this data, they might trace and link adult content viewers’ habits to specific individuals,” Kasiliauskis said. “Combined with other private information, this could lead to significant privacy issues, cause personal embarrassment, and result in social stigma in places with conservative attitudes.”
Mashable has reached out to BangBros for comment and will update if we hear back.